Hi,
It looks like the comparison below (principal instanceof GenericPrincipal) is failing, as I am returning the CustomizedPrincipal, which implements java.security.Principal. Is it something introduced in tomcat7.x/tomcat8.x?

RealmBase.hasRole() {
    // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
    if ((principal == null) || (role == null) ||
        !(principal instanceof GenericPrincipal))
        return (false);
}

Thanks in advance

-----Original Message-----
From: Venkata Reddy P [mailto:venkata.re...@trianz.com]
Sent: Wednesday, May 18, 2016 5:23 PM
To: Tomcat Users List
Subject: RE: BASIC authentication problem in tomcat8.0.33

This was a typo while writing the mail. When I debug my customized code, until it is returning the principal everything seems to be good from a customization point of view.
Removing the default files 'tomcat-users.txt' and 'tomcat-users.xsd' from <catalina_home>\config, will it make any difference?

Thanks in advance

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, May 18, 2016 5:18 PM
To: Tomcat Users List
Subject: Re: BASIC authentication problem in tomcat8.0.33

On 18/05/2016 12:47, Mark Thomas wrote:
> On 18/05/2016 11:07, Venkata Reddy P wrote:
>> Hi,
>>
>> I have been using the "BASIC authentication" from the tomcat3.x onwards,
>> unfortunately after migrating to tomcat8.0.33 it is broken.
>
> BASIC auth works for me with a clean 8.0.33 install. Therefore this
> looks like a problem with your custom code.

And the space after the role name in web.xml might not help either.

Mark

>
> Mark
>
>> Could you please help on this what is going wrong?
>>
>> Step1)-------Realm customization--------
>> The customized classes are:-
>> a) CustomizedPrincipal implements Principal
>> b) CustomizedRealmBase extends RealmBase :- this is
>> returning successful customizedPrincipal to base class and then it is
>> failing with following error.
>>
>> HTTP Status 403 - Access to the requested resource has been denied
>> type Status report
>>
>> message Access to the requested resource has been denied
>>
>> description Access to the specified resource has been forbidden.
>>
>> Step2) I have removed the files 'tomcat-users.txt' and
>> 'tomcat-users.xsd' from <catalina_home>\config
>>
>> Step3)-----Web.xml basic authentication configuration--------
>> <security-constraint>
>>   <display-name>Security Constraint</display-name>
>>   <web-resource-collection>
>>     <web-resource-name>Restricted Area</web-resource-name>
>>     <url-pattern>/*</url-pattern>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>bauth </role-name>
>>   </auth-constraint>
>> </security-constraint>
>>
>> <login-config>
>>   <auth-method>BASIC</auth-method>
>>   <realm-name>Basic authentication</realm-name>
>> </login-config>
>>
>> Thanks in advance.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
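
Added example, not part of the thread and not Tomcat's own code: one way a custom realm can pass the instanceof GenericPrincipal check quoted in the top message while still carrying the application's principal. It assumes the Tomcat 8.0.x RealmBase and GenericPrincipal API on the classpath; WrappingRealm, the shape of CustomizedPrincipal and the in-memory user data are hypothetical.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

// Hypothetical realm for Tomcat 8.0.x; all names and data here are illustrative.
public class WrappingRealm extends RealmBase {

    // Stand-in for the application's principal type (assumed shape).
    static final class CustomizedPrincipal implements Principal {
        private final String name;
        CustomizedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Constructed sample user store; a real realm would query its own backend.
    private final Map<String, String> passwords = new HashMap<>();
    private final Map<String, List<String>> roles = new HashMap<>();

    public WrappingRealm() {
        passwords.put("alice", "constructed-sample-secret");
        // Role as intended for <role-name>; the thread's web.xml has "bauth " with a trailing space.
        roles.put("alice", Arrays.asList("bauth"));
    }

    @Override
    protected String getName() { return "WrappingRealm"; }

    @Override
    protected String getPassword(String username) { return passwords.get(username); }

    @Override
    protected Principal getPrincipal(String username) {
        String password = passwords.get(username);
        if (password == null) return null; // unknown user: authentication fails
        List<String> userRoles = roles.containsKey(username)
                ? roles.get(username) : Collections.<String>emptyList();
        // Return a GenericPrincipal so the role check in RealmBase.hasRole() can succeed;
        // the custom principal stays reachable through GenericPrincipal.getUserPrincipal().
        return new GenericPrincipal(username, password, userRoles,
                new CustomizedPrincipal(username));
    }
}
```

The alternative is to keep returning the custom type and override hasRole() in the realm, which is what the source comment quoted above says JAASRealm is expected to do.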